/**
 * 密码安全相关API路由
 */
const express = require("express");
const router = express.Router();
const passwordSecurity = require("../utils/passwordSecurity");

/**
 * 获取RSA公钥
 * GET /api/security/public-key
 */
router.get("/public-key", (req, res) => {
  try {
    const publicKey = passwordSecurity.getPublicKey();

    res.json({
      success: true,
      data: {
        publicKey,
        algorithm: "RSA-OAEP",
        keySize: 2048,
        hash: "SHA-256",
      },
      message: "公钥获取成功",
    });
  } catch (error) {
    console.error("❌ 公钥获取失败:", error);
    res.status(500).json({
      success: false,
      message: "公钥获取失败",
      error: error.message,
    });
  }
});

/**
 * 密码强度检查
 * POST /api/security/password-strength
 */
router.post("/password-strength", (req, res) => {
  try {
    const { password } = req.body;

    if (!password) {
      return res.status(400).json({
        success: false,
        message: "密码不能为空",
      });
    }

    // 如果密码是加密的，先解密
    let plainPassword;
    try {
      plainPassword = passwordSecurity.decryptPassword(password);
    } catch (decryptError) {
      // 如果解密失败，假设是明文密码
      plainPassword = password;
    }

    const strengthResult =
      passwordSecurity.checkPasswordStrength(plainPassword);

    res.json({
      success: true,
      data: strengthResult,
      message: "密码强度检查完成",
    });
  } catch (error) {
    console.error("❌ 密码强度检查失败:", error);
    res.status(500).json({
      success: false,
      message: "密码强度检查失败",
      error: error.message,
    });
  }
});

/**
 * 生成强密码建议
 * GET /api/security/generate-password
 */
router.get("/generate-password", (req, res) => {
  try {
    const { length = 12 } = req.query;
    const passwordLength = Math.min(Math.max(parseInt(length), 8), 32); // 限制在8-32位

    const strongPassword =
      passwordSecurity.generateStrongPassword(passwordLength);
    const strengthResult =
      passwordSecurity.checkPasswordStrength(strongPassword);

    res.json({
      success: true,
      data: {
        password: strongPassword,
        strength: strengthResult,
      },
      message: "强密码生成成功",
    });
  } catch (error) {
    console.error("❌ 强密码生成失败:", error);
    res.status(500).json({
      success: false,
      message: "强密码生成失败",
      error: error.message,
    });
  }
});

/**
 * 测试加密解密功能
 * POST /api/security/test-encryption
 */
router.post("/test-encryption", async (req, res) => {
  try {
    const { encryptedPassword } = req.body;

    if (!encryptedPassword) {
      return res.status(400).json({
        success: false,
        message: "加密密码不能为空",
      });
    }

    // 解密测试
    const decryptedPassword =
      passwordSecurity.decryptPassword(encryptedPassword);

    // 哈希测试
    const hashedPassword = await passwordSecurity.hashPassword(
      decryptedPassword
    );

    // 验证测试
    const isValid = await passwordSecurity.verifyPassword(
      decryptedPassword,
      hashedPassword
    );

    res.json({
      success: true,
      data: {
        decryptedLength: decryptedPassword.length,
        hashedPassword: hashedPassword.substring(0, 20) + "...", // 只显示前20个字符
        verificationResult: isValid,
      },
      message: "加密解密测试成功",
    });
  } catch (error) {
    console.error("❌ 加密解密测试失败:", error);
    res.status(500).json({
      success: false,
      message: "加密解密测试失败",
      error: error.message,
    });
  }
});

module.exports = router;
